package hsb.ruoyi.common.config.security;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.subject.Subject;
import hsb.ruoyi.common.core.domain.model.JwtSubject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.List;


public class JwtProcessor extends BaseProcessor {

    private static final Logger logger = LoggerFactory.getLogger(com.usthe.sureness.processor.support.JwtProcessor.class);

    @Override
    public boolean canSupportSubjectClass(Class<?> var) {
        return var == JwtSubject.class;
    }

    @Override
    public Class<?> getSupportSubjectClass() {
        return JwtSubject.class;
    }

    @Override
    @SuppressWarnings("unchecked")
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {


        //如果角色字符串是 * ，就认为是通配符，代表任意角色(任意登陆用户)都可以
        //但因为sureness默认是不对角色做通配符判断的，所以这里直接把支持的角色给置空
        List<String> supportRoles = (List<String>) subject.getSupportRoles();
        if (supportRoles.size() == 1) {
            String supportRole = supportRoles.get(0);
            if (supportRole.equals("**")) {
                //允许角色是通配符 *  用户永远至少一个角色，则
                subject.setSupportRoles(null);
            }
//            if (supportRole.equals("*")) {
//                List<String> ownRoles = (List<String>) subject.getOwnRoles();
//                if (ownRoles != null && ownRoles.size() > 0) {
//                    subject.setSupportRoles(null);
//                }
//            }
        }
//        String jwt = (String) subject.getCredential();
//        if (JsonWebTokenUtil.isNotJsonWebToken(jwt)) {
//            throw new IncorrectCredentialsException("this jwt credential is illegal");
//        }
//        Claims claims;
//        try {
//            claims = JsonWebTokenUtil.parseJwt(jwt);
//        } catch (SignatureException | UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
//            // JWT error
//            if (logger.isDebugEnabled()) {
//                logger.debug("jwtProcessor authenticated fail, user: {}, jwt: {}",
//                        subject.getPrincipal(), jwt);
//            }
//            throw new IncorrectCredentialsException("this jwt error:" + e.getMessage());
//        } catch (ExpiredJwtException e) {
//            // JWT expired
//            if (logger.isDebugEnabled()) {
//                logger.debug("jwtProcessor authenticated expired, user: {}, jwt: {}",
//                        subject.getPrincipal(), jwt);
//            }
//            throw new ExpiredCredentialsException("this jwt has expired");
//        }
//        // attention: need to set subject own roles from account
//        subject.setPrincipal(claims.getSubject());
//        List<String> ownRoles = claims.get("roles", List.class);
//        if (nonNull(ownRoles)) {
//            subject.setOwnRoles(ownRoles);
//        }
//        PrincipalMap principalMap = new SinglePrincipalMap();
//        for (Map.Entry<String, Object> claimEntry : claims.entrySet()) {
//            principalMap.setPrincipal(claimEntry.getKey(), claimEntry.getValue());
//        }
//        subject.setPrincipalMap(principalMap);
        return subject;
    }

}
